PatchSiren

CVE-2020-1472 Microsoft CVE debrief

CVE-2020-1472 is a Microsoft Netlogon privilege-escalation vulnerability that CISA lists in its Known Exploited Vulnerabilities catalog. CISA marks it as known to be used in ransomware campaigns and directs organizations to apply updates per vendor instructions, with additional guidance referenced in Emergency Directive 20-04.

Vendor: Microsoft
Product: Netlogon
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2021-11-03
Original CVE updated: 2021-11-03
Advisory published: 2021-11-03
Advisory updated: 2021-11-03

Who should care

Microsoft Windows administrators, Active Directory and identity service owners, security operations teams, and incident responders responsible for systems that rely on Netlogon.

Technical summary

CISA identifies this issue as a Microsoft Netlogon privilege-escalation vulnerability and records it as a known exploited weakness. The KEV entry points defenders to vendor updates and to CISA Emergency Directive 20-04 for additional guidance and requirements.

Defensive priority

Urgent

Recommended defensive actions

  • Apply Microsoft updates per vendor instructions.
  • Review and follow CISA Emergency Directive 20-04 for additional guidance and requirements.
  • Prioritize exposure assessment and remediation for any environment using Microsoft Netlogon.
  • Treat related alerting or compromise signals as high priority because CISA lists known ransomware campaign use.

Evidence notes

Evidence is limited to the supplied CISA KEV source item and its metadata. The KEV record names the issue "Microsoft Netlogon Privilege Escalation Vulnerability", records dateAdded as 2021-11-03, dueDate as 2022-05-03, and knownRansomwareCampaignUse as Known, and references CISA ED 20-04 plus the NVD CVE detail page. No CVSS score was provided in the corpus.

Official resources

Publicly listed by CISA as a known exploited vulnerability; KEV metadata also indicates known ransomware campaign use.